An overview on the Static Code Analysis approach in Software Development
Ivo Gomes 1, Pedro Morgado 1, Tiago Gomes 1, Rodrigo Moreira 2,
1 Software Testing and Quality, Master in Informatics and Computing Engineering, 2 Software Testing and Quality, Doctoral Program in Informatics Engineering, Faculdade de Engenharia da Universidade do Porto, Rua Dr. Roberto Frias 4200-465, Porto, Portugal {ei05021, ei05051, ei05080, pro08007}@fe.up.pt
Abstract. Static analysis examines program code and reasons over all possible behaviors that might arise at run time. Tools based on static analysis can be used to find defects in programs. Recent technology advances has brought forward tools that do deeper analyses that discover more defects and produce a limited amount of false warnings. The aim of this work is to succinctly describe static code analysis, its features and potential, giving an overview of the concepts and technologies behind this type of approach to software development as well as the tools that enable the usage of code reviewing tools to aid programmers in the development of applications, thus being able to improve the code and correct errors before an actual execution of the code. Keywords: static analysis, code review, code inspection, source code, bugs, dynamic analysis, software testing, manual review.
1 Introduction
The use of analytical methods to review source code in order to correct implementation bugs is, and has been, one of the backbone pillars behind software development.
In the beginning of software development there was no conscience on how necessary and effective a review might be, but in the 1970’s, formal review and inspections were recognized as important to productivity and product quality, and thus were adopted by development projects [1]. This new approach to software development acknowledges defect removal in the early stages of the development process proved to produce more reliable and efficient programs. Fagan’s definition of error detection efficiency is as follows [2]: